Basic Nginx snippets

I've recently migrated my hosting, finally severing all remaining ties with .NET after rewriting some remaining small experients and projects with Python. As I now have a full Linux instance to manage (at Amazon Lightsail, wanted to try it and looks I'm sticking with it), I've had to improve my Nginx skills from "barely make a site run under a Docker container" to "configure multiple static and dynamic sites running on different subdomains on the same machine". This post is a small recollection of things I needed to accomplish.

Error log default location:

/var/log/nginx/error.log

Subsites inside the same root server block (note that alias paths end with / while a server root path do not):

location /mysubpath/ {
        alias /my/path/to/mysubpath/;
        try_files $uri $uri/index.html =404;
}

Note: It is easier to follow the recommended rule of one /etc/nginx/sites-available/<name> entry per site or subsite instead of having a root path + location and then children location with different subpaths (using alias). I made it work even combining uWSGI and static sites but the config files were more complex, so I reverted to everything in its single file with a single server block.

Proxy uWSGI Python apps through Nginx using system sockets (and as a bonus, disabling default Nginx index file matching):

index wontmatch;

location / {
        include uwsgi_params;
        uwsgi_pass unix:/tmp/mysocketname.sock;
}

Protect password and similar sensible files from being served:

location ~ /\. { deny  all; }

Making all path files have a default MIME type (CSV in the example):

location /mycsvs/ {
    types    { }
    default_type text/comma-separated-values;
}

Protecting with basic authentication (sample tutorial):

auth_basic "Password required";
auth_basic_user_file /mypathtopasswordfile/.htpasswd;

Subdomain aliases:

server_name myalias1.name.com myalias2.name.com name.com;

Optimizations

Fully removing Server header (not only Nginx version):

sudo apt-get update
sudo apt-get install nginx-extras

sudo vim /etc/nginx/nginx.conf

# inside `http {}` section add:
server_tokens off;
more_set_headers 'Server: ';

# Save, exit and:
sudo service nginx restart

GZip all statics (Javascript, CSS, etcetera), as by default only HTML and a few others get compressed:

sudo vim /etc/nginx/ngnix.conf

# Search for `gzip_types` and replace it by:
gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml;

Cache expiration rules for static content: Include or adapt expires.conf inside http, server or location config blocks:

location ~* \.(?:rss|atom)$ {
        expires 1h;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|zip|svg|webm|htc)$ {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
}
location ~* \.(?:css|js)$ {
        expires 1M;
        access_log off;
}

Comments?

Posted by Kartones on 2016-12-30